SSO for React SPA with another Auth0 client that is not SPA

I have 2 websites:

  • main.service.com that has the login and is implemented in Flask with server-side template rendering
  • b.service.com that is a React SPA with NO login functionality; the service is available if and only if the user’s logged in at main.service.com

I currently have 2 applications, one for each domain, in the same tenant, thereby having the same user database.

I noticed a desync between the logged-in users when I try logging in and out with a number of accounts a couple of times.

I have a feeling that I’ve been doing this wrong the whole time.

If only 1 application is required:

  • Should it be regular web applications or single page applications?
  • What additional settings should I set so that the original login doesn’t break?

Hi @henry132109,

I will need more information before attempting to help:

  • Is the b.service.com redirecting you to main.service.com for logging in, or what does the flow look like?
  • How do you reach the b.service.com app?
  • Can you explain more about what you mean by “desync” and how it plays out?

Have a good one,
Vlad

Yes, basically the user is supposed to reach b.service.com from main.service.com.
If the user isn’t logged in, b.service.com redirects to main.service.com.

For the desync part it’s on me - I didn’t have the code for main.service.com so I needed to log in to b.service.com separately (not a concern at the moment).

Hi,

If they are both in the same tenant, they can both have the login functionality implemented. If you want b.service.com to use main.service.com as an identity provider (IdP), you should move b.service.com to a new tenant and use main.service.com as a custom OAuth2 connection. Otherwise, it makes more sense for both to implement the login functionality since b.service.com is not using main.service.com, but they are both using the same database.

If you have any other questions, feel free to reach out.

Have a good one,
Vlad

How should I put it…
b.service.com is only available to main.service.com users - they’re in the same tenant.

One thing I noticed is that there is a possibility of session desync (i.e. the user is logged out from b.service.com but not main.service.com) - I’m not sure if it’s due to the different frameworks used (i.e. is it something to be expected with SSO) or just a coding problem (I don’t have access to the Python Flask code).